Kevin BeaumontApr 14, 2024
I wrote up the Delinea Secret Server Cloud security incident situation: https://doublepulsar.com/delinea-has-cloud-security-incident-in-thycotic-secret-server-gaff-581a33990882
Delinea has cloud security incident in Thycotic Secret Server gaff

This is a weird one. Customers of Delinea Secret Server Cloud had a mysterious outage on Friday due to a “security incident” – this was visible on a service status page: Delinea Secret Server – also…

DoublePulsar
Show threadKevin BeaumontApr 14, 2024

As far as I can see Delinea have no responsible disclosure programme or vulnerability reporting contact.

They did, however, do a podcast about how to run one 😬 https://delinea.com/events/podcasts/responsible-disclosure-programs-katie-moussouris-casey-ellis

Podcast: Responsible Disclosure Programs | Moussouris, Ellis

Katie Moussouris and Casey Ellis join Joe and Mike to talk all things responsibility disclosure – the good, the bad, and the ugly.

Delinea
Show threadfaebudoApr 14, 2024
@GossiTheDog It's in their responsible disclosure policy pdf: [email protected]
here: https://trust.delinea.com/?itemUid=56583ca0-6561-4cf3-a150-8c0c45d214cf
Show threadEuph0r14

@faebudo @GossiTheDog Internet archive shows it already existed in March at-least. Wonder how easily it could be found / if thats where it was reported to by Cert and the original researcher.

Anyways big snafu as the original contact the researcher had should have guided him there..

Apr 14, 2024 at 10:13amWeb